Wired

Dear all,

whats the best practice to remove all AAA config from a profile.

the NO command for the authenticon ( mac/authenticator works) pure functional works but i can remove the following settings 

• aaa port-access authenticator tx-period 10
  aaa port-access authenticator supplicant-timeout 10
  aaa port-access authenticator client-limit 10
  aaa port-access mac-based addr-limit 10

Thanks

For some of the commands on ArubaOS switches, you will need to configure them to the default value in order to disappear. The configuration will show only values that have changed from the default. Example for your case:

sw01(config)# aaa port-access authenticator 5 tx-period 10
sw01(config)# aaa port-access authenticator 5 supplicant-timeout 10
sw01(config)# aaa port-access authenticator 5 client-limit 10
sw01(config)# aaa port-access mac-based 5 addr-limit 10
sw01(config)# show running-config interface 5

Running configuration:

interface 5
   untagged vlan 6
   aaa port-access authenticator tx-period 10
   aaa port-access authenticator supplicant-timeout 10
   aaa port-access authenticator client-limit 10
   aaa port-access mac-based addr-limit 10
   exit

sw01(config)# aaa port-access authenticator 5 tx-period 30
sw01(config)# aaa port-access authenticator 5 supplicant-timeout 30
sw01(config)# no aaa port-access authenticator 5 client-limit
sw01(config)# aaa port-access mac-based 5 addr-limit 1
sw01(config)# show running-config interface 5

Running configuration:

interface 5
   untagged vlan 6
   exit

You can look up the default in the Security Access Guide from the ArubaOS switch configuration.

We partially scripted it and just use this as a template:

no aaa port-access xxx mixed
no aaa port-access mac-based xxx
no aaa port-access authenticator xxx client-limit
no aaa port-access authenticator xxx
no port-security xxx
no spanning-tree xxx root-guard bpdu-protection
int xxx
name "xxx"
untagged vlan xx
ip source-lockdown
disable
enable
exit

TBB